Is a Standard ‘NHS Online Account’ Feasible? · Is a Standard ‘NHS Online Account’...
Transcript of Is a Standard ‘NHS Online Account’ Feasible? · Is a Standard ‘NHS Online Account’...
Digital In Action – 24-May-16
Is a Standard ‘NHS Online Account’
Feasible?
John Webb, Liverpool CCG Digital Care PM
Phil Stradling, NHSE Citizen Identity Lead
Vision for Citizen Identity
2
• A citizen can verify their identity once and use their choice of digital identity to access services
across care settings and the public sector in a safe and secure manner (federated identity)
What we’re testing with local health economies:
1. Enabling CCGs to drive digital relationships with patients and carers using a verified identity
2. Options for identity verification: a) GOV.UK Verify, and b) Local Verification
3. Matching a verified individual to their NHS number
4. Citizen controlled sharing of identity attributes
Healthy Liverpool Programme
Digital Care
• Interoperability
• Scale up Assistive Tech
• PHR to support• Information gathering
• Data sharing & Consents
• Self-care
• Joint decision-making
• Online interactions
Initial Hub Model
Local platform(Microsoft Azure)
Liverpool app portfolio
Referral
Pain Management app
Other Apps
Professional Portal
Patient
Email Invites
Message bus HospitalAPIs
Registration
Referrals
Microsoft
PHR
APIs
GP Practice
EMIS
Encryption
Keys
Clinician
Patient
GP Practice
GOV.UK Verify
• New way to prove who you are online
• Choice of 8 certified companies to verify your identity.
• Aim is an account that can be used across all Government services -including local government.
• Over 500k verified IDs so far
• Pipeline of services• 10 live: Tax/Pension/Driving License• 50 more on roadmap
• For more info see www.gov.uk/verify
5
A short video
Local Verification
6
CCGGP practice HSCIC
Registration form
Registration details
PID and NHS No
GP system
NHS Online account
Citizen
Set up social identity and phone
API
+ Evidence
of ID
Vouching App
RegistrationApp
Citizen
Revised Hub Model
Local platform
Liverpool app portfolio
Vouching app
Pain Management app
Other Apps
Professional Portal
Patient
Email Invites
Federation broker
HospitalAPIs
Registration
Referrals
Microsoft
PHR
APIs
GP Practice
EMIS
Consents
Keys
Clinician
Social identity providers
(e.g. Google)
GOV.UK Verify
HSCIC
Online accounts
Multi-factor authentication
service(using phone)
VerifyAccountsPatient
GP Practice
Evidence of ID
Login Liverpool Health App
2-Factor Authentication
Azure Active Directory B2C
Azure Service Bus
The case for a standard NHS Online Account
1. Citizen has control of their NHS Online Account• Only created with citizen’s consent • Citizen can ‘opt-out’ and delete their account
2. Minimal disclosure as an account consists of two data elements:• NHS no• Selected digital identity
3. Enables flexibility for local NHS bodies• Use of NHS no to create new local accounts• Use of NHS no to access existing records• Open market for app developers to innovate
4. Deployment options• HSCIC hosts the NHS Online Account with open APIs for access• CCGs host local instances of NHS Online Account, with HSCIC hosting a locator service
8
Current Situation
1. Liverpool is about to trial Verify & Local Verification
2. Ongoing risk mitigation work to address masquerading and safeguarding issues – across HSCIC, GDS, NHS
3. Starting to engage other NHS localities as early adopters
9
Support for Other Localities
• Available support:• GDS on-boarding team and process• SE CSU team and guidance on use of Citizen Identity• Liverpool docs, e.g. privacy impact assessment
• Re-usable components• HSCIC Matching service
• NHS Online account service• Integration with PDS for matching demographics to NHS No.
• Microsoft:• Federation broker and support for open standards• Interface with Verify
• Liverpool CCG• Vouching components• Trust framework policy/scripts
10
Q&A
• Questions
• Follow-ups
11
Locality B
Patient facing app
GDS hub
Architecture for enabling other localities
Access
Patient
Federation broker
Patient facing app
Verification +Authentication
Matching service
NHS Online account
OIDC
Locality A
Sign-in
Patient
Certified identity providerGOV.UK Verify
HSCIC
PID NHS no
PDS
Professional
SAML
• Cohort identification
• Sign-post to digital pathway
REST
Invite patients
OIDC = OpenID Connect, a standard based on OAuth
NHS Two-Factor Authentication
External Services
Social Identity
Providers